4

A common scenario in web applications:

  • application has lots of classes that need to be stored in Session and are Serializable
  • developer gets a bunch of warnings about "Serializable class does not implement serialVersionUID"
  • developer shrugs and clicks on IDE's "add serialversionUID" and problem is solved?

I don't like automatically adding serialVersionUID in principle since the solution essentially means that

  • most importantly developer states "I know when my changes break serialization and when they do not, and want to control that instead of JVM", when in fact he does not know those things and does not want to control them
  • adding serialVersionUID = 6266256561409620894L is confusing and ugly (ok, you can use 1L)

I understand adding serialVersionUID in an application where class compatibility is an issue and developers actively take that into consideration and understand related issues.

In a typical web application it's not very important when the serialization of classes breaks or not. When a new version is deployed, some extraneous serialized sessions may be broken but this is usually not a problem (and few applications actually properly handle version-compatibility of serialized sessios).

Bottom line: isn't advice "Always define the serialVersionUID explicitly in your source files" simplistic?

user449236
  • 513
  • 1
  • 4
  • 6

4 Answers4

1

I agree with you, and do the same thing on my current project: this warning is disabled completely in the compiler options.

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
1

Not sure if you are asking about how much water the advice to defne serialVersionUID in source code holds , or are simply saying that provided the class is not required to be serialized , if it better to circumvent the warning by directly suppressing it or by unwillingly defining a serialiVersionUID anyway.

The two options ( adding serialVersionUID and suppressing warnings ) are two different things. First is to facilitate proper serialization with changing versions of classes and second is no serialization for changing classes. They are not interchangeable - so a programmer when making a choice between the two has to choose the one that suits the design requirements - rather than which is simple.

Bhaskar
  • 7,443
  • 5
  • 39
  • 51
  • Exactly. And if the class isn't required to be serializable why implement Serializable at all? – user207421 Aug 29 '11 at 10:47
  • 1
    Because HttpSession does not need to support storing of objects of that are not Serializable? We want to be able to store our objects in session, but we do not care much if sessions are broken when a new release gets deployed. – user449236 Sep 01 '11 at 14:16
1

It is rarely a good idea not to provide a serialVersionUID.

  • If you omit it, the slightest change to the class makes it incompatible with prior serializations and you get serialization exceptions.

  • If you provide it and later change the class in a way that is compatible with the Object Serialization Specification, Object Versioning section, it works, so you are already ahead. And this covers a lot of cases: specifically it covers all cases where the only thing that has changed is a method.

  • If you change the class in a way that is incompatible with that specification, you will get a serialization exception, and you can then address it.

The situations aren't even slightly comparable. The automatic Object Versioning doesn't care about methods in the slightest or about the most common cases of changes to serializable fields. Relying on the default serialVersionUID calculation excludes many cases that Object Versioning covers.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • That's probably all true, but it does not matter, if we do not care about changes making the class incompatible. If that is not important, and we still need to make classes Serializable to store them in HttpSession, serialVersionUID and the warnings about it are just noise. – user449236 Sep 01 '11 at 14:20
0

You are absolutely right. You should only add a serialVersionUID if you understand what that actually does, and are confident that it is the correct thing to do. You evidently understand what it actually does, and are confident that it is not the correct thing to do, so don't add it.

I see a lot of programmers reflexively adding a serialVersionUID because it shuts the compiler up and doesn't involve adding a @SuppressWarnings. This is the wrong thing to do, and they are bad people.

Bottom line: the advice "Always define the serialVersionUID explicitly in your source files" is not simplistic, it is flat-out wrong.

Tom Anderson
  • 46,189
  • 17
  • 92
  • 133